Security & Trust at Norte

Norte was built on a privacy-first principle: we don't need access to your bank or card numbers to help you use your benefits. Here's how we protect what you do share with us.

No Bank Linking, Ever

Norte never asks for your bank login, card numbers, CVV, or transaction history. You add your cards by name; we look up the public benefit data. There's no Plaid, no screen scraping, no credentials to steal.

Data You Add Stays Yours

Your wallet (cards, policies, perk usage) is tied to your authenticated account. Row-level security in our database ensures no other user — and no third party — can access your records.

Encryption

• In transit: TLS 1.2+ for all connections.
• At rest: AES-256 encryption on Supabase-managed Postgres.

AI & Document Uploads

Benefit guide PDFs you upload are stored privately in your account and processed by AI providers under data-processing agreements. Your uploads are not used to train external models.

Authentication

Email + password and OAuth (Google, Apple) via Supabase Auth. Sessions are JWT-based and expire automatically.

Access Controls

Internal access to user data is restricted, audit-logged, and limited to support actions you explicitly request.

Compliance

GDPR-compliant data handling for EU users. CCPA-compliant for California residents. See Privacy Policy for your rights and how to exercise them.

Reporting a Security Issue

If you discover a vulnerability, please disclose responsibly: security@norteapp.io. We'll respond within 72 hours.